Hello all, first post here. I have been asked to help a friend with their system which has become infected with the Crypt0l0cker virus. This has taken hold today and changed all user files to "encrypted" - and I have found no way to get the files back or get rid of the virus. There is a suspicious startup entry that keeps coming back, c:\programdata\updater\updater.exe and also c:\programdata\icilizhp.exe (but no such exe file exists) If I stop "Updater.exe" in task manager, it instantly restarts, making me think it is a service, but looking in SERVICES.MSC, I can't locate it at all. I have two questions - how do I be sure that the Crypt0l0cker virus is no longer on my system, and also is there any way to decrypt my files? Or is my only hope to use the Shadow Explorer software to get files back from the VSS? Any urgent response would be much appreciated, as I am not experienced with RansomWare. Thanks
